Apple Publishes Guide To iOS Security

Security on iOS devices is becoming more of a hot topic these days, thanks to comments made by security notables like Eugene Kaspersky who warn of future malware attacks that could take down the immense monoculture operating system.

Apple is not ignoring the threat. In fact, the iPhone-maker has published a 19-page iOS security document outlining the company’s commitment to security on the mobile platform.

The free PDF document, available here, describes Apple’s approach to security. The system architecture section has the details, regarding the integration of hardware and software on the devices. This section also describes how the integration of hardware and software allows for the validation of activities through all processes.

For example, when an iOS device is first turned on, it goes through a cryptographically signed boot up process. Each step of this bootup process proceeds only after verifying the chain of trust. There is a description of how app code signing and sandboxing are used to ensure that apps cannot compromise the system or other apps.

Hardware security features built into every iOS device would be a cool idea. A dedicated AES256 crypto engine lodged between flash storage and system memory, using the device’s User ID (UID) and a group ID to cryptographically tie data to a particular device. There is also a fully detailed description of device access and network security.

The document should be of great interest (and comfort) to those who are deploying large numbers of iOS devices in enterprises and government settings.

Do you feel that your iOS device is more secure now? Post your comments.

The Apple Bites is giving away free iTunes Gift-cards for exciting games and interesting apps. All you need to do is to participate in the discussions The Apple Bites starts. No offensive words allowed. No spamming! The winners would be contacted and the gift cards would be given to them.